Commit Graph

31 Commits (f86837ca8c3afe511ba10f5a82d418f3d8dc7ce7)

Author SHA1 Message Date
meizjm3i a987b8be9f corrected a single quotation mark closure error 2020-05-29 18:35:22 +08:00
meizjm3i 7670e2c36c Update ERB SSTI tips 2020-05-29 12:28:55 +08:00
idealphase 712e3b93f6
Sorting like basic injection part 2020-04-30 17:15:31 +07:00
idealphase 7f1fb32980
Adding Execute code using SSTI for ERB engine. 2020-04-30 17:13:58 +07:00
Swissky 89f906f7a8 Fix issue - C reverse shell 2020-04-21 11:17:39 +02:00
Swissky 95fed140ec Fix - SSTI Payloads 2020-04-21 11:13:19 +02:00
Swissky 1d8414c703 ASP.NET Razor SSTI 2020-04-18 21:18:22 +02:00
Swissky a19fd013fb
Merge pull request #181 from SecGus/master
Added RCE SSTI Jinja2 Bypass payload developed by SecGus (chivato)
2020-04-13 19:42:14 +02:00
chiv 7e7f5e7628 Added SSTI RCE bypass payload for Jinja2 2020-04-13 18:48:43 +01:00
chiv cc3b05017d Added a new RCE payload to Jinja2 SSTI bypasses 2020-04-13 18:44:16 +01:00
SakiiR SakiiR 38c273ff00 Added IFS (WAF bypass) to Symfony Twig RCE 2020-03-29 23:23:26 +02:00
SakiiR SakiiR 8b78c2fe71 Added filter(system) twig RCE 2020-03-29 23:19:27 +02:00
Swissky 268d85b4bf Symfony SSTI Twig RCE 2020-03-29 22:34:26 +02:00
chiv fe4bdb0df4 Improvement to the SSTI RCE 2020-03-09 18:19:33 +00:00
Swissky bcb24c9866 Abusing Active Directory ACLs/ACEs 2019-12-30 14:22:10 +01:00
Swissky 6f4a28ef66 Slim RCE + CAP list 2019-12-05 23:06:53 +01:00
Alexandre ZANNI 6a398ca5c3
Ruby: add slim 2019-11-16 17:29:55 +01:00
Swissky ed252df92e krb5.keytab + credential use summary 2019-10-20 13:25:06 +02:00
Swissky a0917241ad Pebble - Server Side Template Injection 2019-09-17 15:43:13 +02:00
Swissky 45af613fd9 Active Directory - Unconstrained delegation 2019-07-17 23:17:35 +02:00
Swissky 382bd9acec Type Juggling - Another SHA 256 2019-07-14 14:23:20 +02:00
Swissky 504caa3b50 SSTI by calling Popen without guessing the offset 2019-07-10 21:31:44 +02:00
Swissky 05054af343 JWT RS256 to HS256 using pubkey to generate a signature 2019-07-10 20:58:50 +02:00
Brendan Scarvell 601db0e188 Added freemarker PoC that doesn't require spaces or tags 2019-06-24 21:38:56 +10:00
Swissky b4633bbb66 sudo_inject + SSTI FreeMarker + Lin PrivEsc passwords 2019-04-14 21:01:14 +02:00
Swissky c66197903f MYSQL Truncation attack + Windows search where 2019-04-14 19:46:34 +02:00
Swissky 90b182f10f AD references - Blog Post + SSTI basic config item 2019-03-24 16:26:00 +01:00
tkmk 0913e8c3bd Fix changed urls 2019-03-19 20:18:06 +08:00
Swissky 404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00
Swissky 21d1fe7eee Fix name - Part 1 2019-03-07 00:07:14 +01:00
Swissky b9f2fe367c Bugfix - Errors in stashed changes 2019-01-28 20:27:45 +01:00